senko ◴[] No.45331497[source]
> The company says it will rely on “legitimate interests” as its legal basis and will offer an opt-out so members can refuse use of their data for training

"Legitimate interest" is a very specific term in the context of GDPR. Not a lawyer, but have been looking into it previously, and I doubt "we want to feed data to our AI so we can make more money" passes the Legitimate Interest Assessment (LIA) test.

Here's an example of a test that must pass (sorry, docx, but way better than a random explainer): https://ico.org.uk/media2/for-organisations/forms/2258435/gd...

tgsovlerkhgsel ◴[] No.45331640[source]
That looks like it would be easy to argue that it passes (claiming "makes the platform better for everyone", "not achievable without using the data", "the data is data that the people share voluntarily on the platform and isn't sensitive", "they're customers, we e-mailed them and they could opt out if they cared", "we expect this to have no impact on the individuals" (until the AI starts regurgitating sensitive details, but that's an "oops" for later), and "we are offering an opt-out even though we wouldn't have to" (claimed despite the lawyer strongly urging an opt-out, otherwise they wouldn't have even offered that)).
lionkor ◴[] No.45331720[source]
GDPR doesn't allow "they knew and they could have opted out if they cared". You need explicit written consent.
tgsovlerkhgsel ◴[] No.45331741[source]
GDPR allows processing based either on consent (which doesn't need to be "written" but does need to be explicit and informed) or legitimate interest (or some other reasons that tend to be irrelevant for this kind of thing).

Legitimate interest does NOT require consent, is murky, and thus often gets used to justify things that should not exist under GDPR, but the most likely consequence is that the company gets to do it for 3+ years before being told "no, you can't do that anymore"...